Data Loss Prevention (DLP) systems are designed to detect and prevent unauthorized use and transmission of confidential information. Modern organizations typically maintain a data storage system to store and deliver sensitive information concerning various significant business aspects of the organization. Sensitive information may include data on customers (or patients), contracts, deliveries, supplies, employees, manufacturing, or the like. In addition, sensitive information may include intellectual property (IP) of an organization such as software code developed by employees of the organization, documents describing inventions conceived by employees of the organization, and the like. Such data may be in the form of files, messages, web requests or the like. The DLP system may be implemented within a computing system or network to provide computer and information security by identifying, monitoring, and protecting data, while the data is in use (i.e. endpoint actions), in motion (i.e. network actions), and at rest (i.e. data storage). These DLP technologies apply configurable rules to identify objects, such as files, that contain sensitive data and should not be found outside of a particular enterprise or specific set of host computers or storage devices.
In an effort to monitor data upload traffic through a browser, most DLP systems focus primarily upon screening each file upload. However, focusing upon file accesses that correspond to upload activity without causing prohibitive delays remains a challenging task. Existing solutions rely on non-Hypertext Transfer Protocol Secure (HTTPS)-based traffic monitoring through network driver and HTTPS-based traffic monitoring using plugins or hooks into the browser. In the alternative, the HTTPS-based traffic monitoring may utilize Application File Access Control (AFAC). However, problems arise for these solutions due to a lack of standardization in specifying file names destined for uploads. In particular, these systems intercept HTTPS traffic prior to SSL encryption and then parse the headers for “well-known” attributes that encode file names. Yet, due to the lack of standardization, a risk exists for losing sensitive data when these well-known attributes are not used to specify the scheduled file or folder upload name. To further complicate matters, developers of web applications tend to deviate from standard protocols. Therefore, it is becoming difficult to keep pace with software versions implementing changes in web applications. The problem becomes even worse with frequent releases of browsers, as web applications exhibit different behaviors with each changed browser version. It is within this context that the embodiments arise.